Shared Flashcard Set

Details

2B - SES 622 - Module 2 - Systemic Security Requirements
N/A
36
Engineering
Graduate
04/30/2012

Additional Engineering Flashcards

 


 

Cards

Term
Physical Security encompasses what three main things?
Definition
1. Environmental tolerances
2. Covers damage and loss due to sabotage or theft.
3. Includes threats to personnel, including coercion of trusted insiders.
Term
What does EASI stand for?
Definition
Estimate of Advisory Sequence Interuption
Term
What is EASI?
Definition
It is a is a dynamic, analytic method widely used by security professionals to evaluate a physical protection security system (ppss).
Term
What is the Critical Detection Point (CDP)?
Definition
Any position on a facility where if an adversary is detected, there is enough time remaining for the response force to interrupt the adversary.
Term
What is Adversary Path Analysis?
Definition
A method that analyzes many attack paths in order to indentify the path of greatest system vulnerability.
Term
What is a connectivity diagram?
Definition
A node/link based diagram where nodes represent physical or logical locations with the system and links measure connectivity between the locations such as travel time or cost to travel between nodes. Used to identify shortest paths through the system.
Term
How is a simple incident matrix created? (2 steps)
Definition
1. One row for each node and one column for each arc.
2. For each arc (i, j), put +1 in row i and -1 in row j.
Term
What are the two main types of connectivity diagrams?
Definition
1. Task-based.
2. Location-based.
Term
Compare Task-based and Location-based Connectivity diagrams
Definition
1. Task-based are usually based on more information and so are better for travel time and detection probability analysis.
2. Location-based are generally based on less information and so should be more conservative.
Term
What are the four characterisitc factors of Multiple Adversary Team analysis?
Definition
1. The helper team detection factor (HTDF)
2. The helper team time factor (HTTF)
3. The simultaneous primary team detection factor (STDF)
4. The Simultaneous primary team time factor (STTF)

These four factors help to describe the influence multiple adversary teams have on one another and they must be specified at the outset of the problem.
Term
What is a physical security survey? (two main parts)
Definition
A technique to recognize and appraise two types of risk to target:
• Possible maximum loss
• Probable maximum loss
Often used on a scenario basis in combination with threat analysis.
Term
What is a "message"?
Definition
Information materialized.
Term
What is information? (three parts)
Definition
1. Carries new knowledge.
2. Conveyed by some carier: Letters, digits, symbols.
3. Is meaningful/interpretable to the recipient.
Term
What are four main questions that Information Theory is concerned with?
Definition
1. How to quantify the amount of information?
2. How much memory is needed to store information?
3. How can we protect the information?
4. What to do if information is corrupted by noise?
Term
What is the information content of a message according to Claude Elwood Shannon?
Definition
The number of 0s and 1s it takes to describe the information.
Term
What is the elementary unit of information?
Definition
The bit.
Term
All models of information flow include a "channel". What happen to information as it flow across a channel?
Definition
The information can be corrupted. Note: Even if security is not considered, this can be done through the introduction of random information (noise).
Term
What was Claude Elwood Shannon's basic information flow observation regarding bit correction?
Definition
We should not correct single bits. This is wasteful. We should correct blocks of bits.
Term
According to information theory, information is contained only is the messages that are "fill-in-the-blank-here" to the receiver.
Definition
Uncertain
Term
What is meta data?
Definition
Data that describes data. E.g., network packet headers, block parity bits, etc.
Term
What are the three main parts of traditional information classification?
Definition
1. Create information.
2. Label using meta data.
3. Handle according to label.
Term
What was the more recent insight over traditional information classification?
Definition
Data should be classified according to how the system data is processed/used.
Term
System security requirements should be integrated into what type of system requirements?
Definition
Functional
Term
System vulnerability are frequently introduced in what type of requirements?
Definition
Interface.
Term
What is specialty engineering?
Definition
The collection of those narrow disciplines that are needed to engineer a complete system. E.g., reliability, maintainability, availability, human factors, safety, electromagnetic effects, facilities, logistics.
Term
What is reliability?
Definition
The probability that an item will perform its intended function for a specified period of time under stated conditions.
Term
What is availability?
Definition
A measure of the degree to which an item is in an operable and committable state at the start of a mission when the mission is called for at a random time.
Term
What is maintainability?
Definition
The measure of the ability of an item to be retained in or testored to a specified condition when maintenance is performed by personnel having specified skill lelvel, using prescribed procedures and resources, at each presribed level of maintenance and repair.
Term
Qualities to Components (hierarchy - sevel levels)
Definition
1. Need(ed Quality)
2. Attributes (qualitative)
3. Capabilities
4. Functions
5. Measures
6. Analysis
7. Units/Components
Term
System Security (definition)
Definition
An emergent property that arises from the interactions between system elements and an adversary
• adversary may or may not be part of the system under consideration
• adversary may or may not be intentionally malicious
Term
Epistemic Frame
Definition
A theory of learning that looks not at isolated skills and knowledge, but at how those skills and knowledge systematically link to one another—and to the values, identity, and ways of making decisions and justifying actions of some community of practice.
Term
Security (Bayuk)
Definition
Something that thwarts people (and/or systems acting on their behalf) who, intentionally or not, enact threats that exploit system vulnerabilities and thereby cause damage that adversely impacts system value.
Term
System Feature (Bayuk)
Definition
A system capability that contributes to its security.
Term
Security Metric
Definition
Measurement that characterizes an attribute of the system of interest that is proposed to have both face and construct validity in the context of a hypothesis that the system is secure.
Term
Security Framework
Definition
The concept of operations, mission, and environment under which a system operates.
Term
Security Systemigram (story)
Definition
Security thwarts perpetrators who enact threats to exploit vulnerabilities that permit disruption that harms systems which produce and manage value.
Supporting users have an ad free experience!